Bug 1773760 - part 8: move string constants to WebAuthnEnumStrings.h. r=keeler

Differential Revision: https://phabricator.services.mozilla.com/D167864

dom/webauthn/AndroidWebAuthnTokenManager.cpp

@@ -13,6 +13,7 @@
 #include "JavaExceptions.h"
 #include "mozilla/java/WebAuthnTokenManagerWrappers.h"
 #include "mozilla/jni/Conversions.h"
+#include "WebAuthnEnumStrings.h"
 
 namespace mozilla {
 namespace jni {
@@ -161,7 +162,8 @@ RefPtr<U2FRegisterPromise> AndroidWebAuthnTokenManager::Register(
                             java::sdk::Integer::ValueOf(1));
           }
 
-          if (sel.userVerificationRequirement().EqualsLiteral("required")) {
+          if (sel.userVerificationRequirement().EqualsLiteral(
+                  MOZ_WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED)) {
             GECKOBUNDLE_PUT(authSelBundle, "requireUserVerification",
                             java::sdk::Integer::ValueOf(1));
           }
@@ -169,11 +171,13 @@ RefPtr<U2FRegisterPromise> AndroidWebAuthnTokenManager::Register(
           if (sel.authenticatorAttachment().isSome()) {
             const nsString& authenticatorAttachment =
                 sel.authenticatorAttachment().value();
-            if (authenticatorAttachment.EqualsLiteral("platform")) {
+            if (authenticatorAttachment.EqualsLiteral(
+                    MOZ_WEBAUTHN_AUTHENTICATOR_ATTACHMENT_PLATFORM)) {
               GECKOBUNDLE_PUT(authSelBundle, "requirePlatformAttachment",
                               java::sdk::Integer::ValueOf(1));
-            } else if (authenticatorAttachment.EqualsLiteral(
-                           "cross-platform")) {
+            } else if (
+                authenticatorAttachment.EqualsLiteral(
+                    MOZ_WEBAUTHN_AUTHENTICATOR_ATTACHMENT_CROSS_PLATFORM)) {
               GECKOBUNDLE_PUT(authSelBundle, "requireCrossPlatformAttachment",
                               java::sdk::Integer::ValueOf(1));
             }

dom/webauthn/CTAPHIDTokenManager.cpp

@@ -5,6 +5,7 @@
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "WebAuthnCoseIdentifiers.h"
+#include "WebAuthnEnumStrings.h"
 #include "mozilla/dom/CTAPHIDTokenManager.h"
 #include "mozilla/dom/U2FHIDTokenManager.h"
 #include "mozilla/dom/WebAuthnUtil.h"
@@ -142,13 +143,15 @@ RefPtr<U2FRegisterPromise> CTAPHIDTokenManager::Register(
     const WebAuthnAuthenticatorSelection& sel = extra.AuthenticatorSelection();
 
     bool requireUserVerification =
-        sel.userVerificationRequirement().EqualsLiteral("required");
+        sel.userVerificationRequirement().EqualsLiteral(
+            MOZ_WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED);
 
     bool requirePlatformAttachment = false;
     if (sel.authenticatorAttachment().isSome()) {
       const nsString& authenticatorAttachment =
           sel.authenticatorAttachment().value();
-      if (authenticatorAttachment.EqualsLiteral("platform")) {
+      if (authenticatorAttachment.EqualsLiteral(
+              MOZ_WEBAUTHN_AUTHENTICATOR_ATTACHMENT_PLATFORM)) {
         requirePlatformAttachment = true;
       }
     }
@@ -270,7 +273,8 @@ RefPtr<U2FSignPromise> CTAPHIDTokenManager::Sign(
     const auto& extra = aInfo.Extra().ref();
 
     // Set flags for credential requests.
-    if (extra.userVerificationRequirement().EqualsLiteral("required")) {
+    if (extra.userVerificationRequirement().EqualsLiteral(
+            MOZ_WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED)) {
       signFlags |= U2F_FLAG_REQUIRE_USER_VERIFICATION;
     }
 

dom/webauthn/U2FHIDTokenManager.cpp

@@ -5,6 +5,7 @@
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "WebAuthnCoseIdentifiers.h"
+#include "WebAuthnEnumStrings.h"
 #include "mozilla/dom/U2FHIDTokenManager.h"
 #include "mozilla/dom/WebAuthnUtil.h"
 #include "mozilla/ipc/BackgroundParent.h"
@@ -117,7 +118,8 @@ RefPtr<U2FRegisterPromise> U2FHIDTokenManager::Register(
     if (sel.authenticatorAttachment().isSome()) {
       const nsString& authenticatorAttachment =
           sel.authenticatorAttachment().value();
-      if (authenticatorAttachment.EqualsLiteral("platform")) {
+      if (authenticatorAttachment.EqualsLiteral(
+              MOZ_WEBAUTHN_AUTHENTICATOR_ATTACHMENT_PLATFORM)) {
         requirePlatformAttachment = true;
       }
     }
@@ -126,7 +128,8 @@ RefPtr<U2FRegisterPromise> U2FHIDTokenManager::Register(
     if (sel.requireResidentKey()) {
       registerFlags |= U2F_FLAG_REQUIRE_RESIDENT_KEY;
     }
-    if (sel.userVerificationRequirement().EqualsLiteral("required")) {
+    if (sel.userVerificationRequirement().EqualsLiteral(
+            MOZ_WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED)) {
       registerFlags |= U2F_FLAG_REQUIRE_USER_VERIFICATION;
     }
     if (requirePlatformAttachment) {
@@ -226,7 +229,8 @@ RefPtr<U2FSignPromise> U2FHIDTokenManager::Sign(
     const auto& extra = aInfo.Extra().ref();
 
     // Set flags for credential requests.
-    if (extra.userVerificationRequirement().EqualsLiteral("required")) {
+    if (extra.userVerificationRequirement().EqualsLiteral(
+            MOZ_WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED)) {
       signFlags |= U2F_FLAG_REQUIRE_USER_VERIFICATION;
     }
 

dom/webauthn/U2FSoftTokenManager.cpp

@@ -5,7 +5,9 @@
  * You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 #include "WebAuthnCoseIdentifiers.h"
+#include "WebAuthnEnumStrings.h"
 #include "mozilla/dom/U2FSoftTokenManager.h"
+#include "mozilla/dom/WebAuthnUtil.h"
 #include "CryptoBuffer.h"
 #include "mozilla/Base64.h"
 #include "mozilla/Casting.h"
@@ -582,13 +584,15 @@ RefPtr<U2FRegisterPromise> U2FSoftTokenManager::Register(
     const WebAuthnAuthenticatorSelection& sel = extra.AuthenticatorSelection();
 
     bool requireUserVerification =
-        sel.userVerificationRequirement().EqualsLiteral("required");
+        sel.userVerificationRequirement().EqualsLiteral(
+            MOZ_WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED);
 
     bool requirePlatformAttachment = false;
     if (sel.authenticatorAttachment().isSome()) {
       const nsString& authenticatorAttachment =
           sel.authenticatorAttachment().value();
-      if (authenticatorAttachment.EqualsLiteral("platform")) {
+      if (authenticatorAttachment.EqualsLiteral(
+              MOZ_WEBAUTHN_AUTHENTICATOR_ATTACHMENT_PLATFORM)) {
         requirePlatformAttachment = true;
       }
     }
@@ -822,7 +826,8 @@ RefPtr<U2FSignPromise> U2FSoftTokenManager::Sign(
     const auto& extra = aInfo.Extra().ref();
 
     // The U2F softtoken doesn't support user verification.
-    if (extra.userVerificationRequirement().EqualsLiteral("required")) {
+    if (extra.userVerificationRequirement().EqualsLiteral(
+            MOZ_WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED)) {
       return U2FSignPromise::CreateAndReject(NS_ERROR_DOM_NOT_ALLOWED_ERR,
                                              __func__);
     }

dom/webauthn/U2FTokenManager.cpp

@@ -23,6 +23,7 @@
 #include "nsIThread.h"
 #include "nsTextFormatter.h"
 #include "mozilla/Telemetry.h"
+#include "WebAuthnEnumStrings.h"
 
 #ifdef MOZ_WIDGET_ANDROID
 #  include "mozilla/dom/AndroidWebAuthnTokenManager.h"
@@ -469,11 +470,16 @@ void U2FTokenManager::Register(
 
     // The default attestation type is "none", so set
     // noneAttestationRequested=false only if the RP's preference matches one of
-    // the other known types.
+    // the other known types. This needs to be reviewed if values are added to
+    // the AttestationConveyancePreference enum.
     const nsString& attestation = extra.attestationConveyancePreference();
-    if (attestation.EqualsLiteral("direct") ||
-        attestation.EqualsLiteral("indirect") ||
-        attestation.EqualsLiteral("enterprise")) {
+    static_assert(MOZ_WEBAUTHN_ENUM_STRINGS_VERSION == 2);
+    if (attestation.EqualsLiteral(
+            MOZ_WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_DIRECT) ||
+        attestation.EqualsLiteral(
+            MOZ_WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_INDIRECT) ||
+        attestation.EqualsLiteral(
+            MOZ_WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_ENTERPRISE)) {
       noneAttestationRequested = false;
     }
   }

dom/webauthn/WebAuthnEnumStrings.h

@@ -0,0 +1,49 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#ifndef mozilla_dom_WebAuthnEnumStrings_h
+#define mozilla_dom_WebAuthnEnumStrings_h
+
+// WARNING: This version number must match the WebAuthn level where the strings
+// below are defined.
+#define MOZ_WEBAUTHN_ENUM_STRINGS_VERSION 2
+
+// https://www.w3.org/TR/webauthn-2/#enum-attestation-convey
+#define MOZ_WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_NONE "none"
+#define MOZ_WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_INDIRECT "indirect"
+#define MOZ_WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_DIRECT "direct"
+#define MOZ_WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_ENTERPRISE "enterprise"
+// WARNING: Change version number when adding new values!
+
+// https://www.w3.org/TR/webauthn-2/#enum-attachment
+#define MOZ_WEBAUTHN_AUTHENTICATOR_ATTACHMENT_PLATFORM "platform"
+#define MOZ_WEBAUTHN_AUTHENTICATOR_ATTACHMENT_CROSS_PLATFORM "cross-platform"
+// WARNING: Change version number when adding new values!
+
+// https://www.w3.org/TR/webauthn-2/#enum-credentialType
+#define MOZ_WEBAUTHN_PUBLIC_KEY_CREDENTIAL_TYPE_PUBLIC_KEY "public-key"
+// WARNING: Change version number when adding new values!
+
+// https://www.w3.org/TR/webauthn-2/#enum-residentKeyRequirement
+#define MOZ_WEBAUTHN_RESIDENT_KEY_REQUIREMENT_REQUIRED "required"
+#define MOZ_WEBAUTHN_RESIDENT_KEY_REQUIREMENT_PREFERRED "preferred"
+#define MOZ_WEBAUTHN_RESIDENT_KEY_REQUIREMENT_DISCOURAGED "discouraged"
+// WARNING: Change version number when adding new values!
+
+// https://www.w3.org/TR/webauthn-2/#enum-userVerificationRequirement
+#define MOZ_WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED "required"
+#define MOZ_WEBAUTHN_USER_VERIFICATION_REQUIREMENT_PREFERRED "preferred"
+#define MOZ_WEBAUTHN_USER_VERIFICATION_REQUIREMENT_DISCOURAGED "discouraged"
+// WARNING: Change version number when adding new values!
+
+// https://www.w3.org/TR/webauthn-2/#enum-transport
+#define MOZ_WEBAUTHN_AUTHENTICATOR_TRANSPORT_USB "usb"
+#define MOZ_WEBAUTHN_AUTHENTICATOR_TRANSPORT_NFC "nfc"
+#define MOZ_WEBAUTHN_AUTHENTICATOR_TRANSPORT_BLE "ble"
+#define MOZ_WEBAUTHN_AUTHENTICATOR_TRANSPORT_INTERNAL "internal"
+// WARNING: Change version number when adding new values!
+
+#endif  // mozilla_dom_WebAuthnEnumStrings_h

dom/webauthn/WebAuthnManager.cpp

@@ -9,6 +9,7 @@
 #include "nsIURIMutator.h"
 #include "nsThreadUtils.h"
 #include "WebAuthnCoseIdentifiers.h"
+#include "WebAuthnEnumStrings.h"
 #include "mozilla/BasePrincipal.h"
 #include "mozilla/dom/AuthenticatorAssertionResponse.h"
 #include "mozilla/dom/AuthenticatorAttestationResponse.h"
@@ -313,7 +314,8 @@ already_AddRefed<Promise> WebAuthnManager::MakeCredential(
       // If current.type does not contain a PublicKeyCredentialType
       // supported by this implementation, then stop processing current and move
       // on to the next element in mPubKeyCredParams.
-      if (!aOptions.mPubKeyCredParams[a].mType.EqualsLiteral("public-key")) {
+      if (!aOptions.mPubKeyCredParams[a].mType.EqualsLiteral(
+              MOZ_WEBAUTHN_PUBLIC_KEY_CREDENTIAL_TYPE_PUBLIC_KEY)) {
         continue;
       }
 
@@ -546,7 +548,8 @@ already_AddRefed<Promise> WebAuthnManager::GetAssertion(
 
   nsTArray<WebAuthnScopedCredential> allowList;
   for (const auto& s : aOptions.mAllowCredentials) {
-    if (s.mType.EqualsLiteral("public-key")) {
+    if (s.mType.EqualsLiteral(
+            MOZ_WEBAUTHN_PUBLIC_KEY_CREDENTIAL_TYPE_PUBLIC_KEY)) {
       WebAuthnScopedCredential c;
       CryptoBuffer cb;
       cb.Assign(s.mId);
@@ -556,16 +559,21 @@ already_AddRefed<Promise> WebAuthnManager::GetAssertion(
       if (s.mTransports.WasPassed()) {
         uint8_t transports = 0;
 
-        // Transports is a string, but we match it to an enumeration so
-        // that we have forward-compatibility, ignoring unknown transports.
+        // We ignore unknown transports for forward-compatibility, but this
+        // needs to be reviewed if values are added to the
+        // AuthenticatorTransport enum.
+        static_assert(MOZ_WEBAUTHN_ENUM_STRINGS_VERSION == 2);
         for (const nsAString& str : s.mTransports.Value()) {
-          if (str.EqualsLiteral("usb")) {
+          if (str.EqualsLiteral(MOZ_WEBAUTHN_AUTHENTICATOR_TRANSPORT_USB)) {
             transports |= U2F_AUTHENTICATOR_TRANSPORT_USB;
-          } else if (str.EqualsLiteral("nfc")) {
+          } else if (str.EqualsLiteral(
+                         MOZ_WEBAUTHN_AUTHENTICATOR_TRANSPORT_NFC)) {
             transports |= U2F_AUTHENTICATOR_TRANSPORT_NFC;
-          } else if (str.EqualsLiteral("ble")) {
+          } else if (str.EqualsLiteral(
+                         MOZ_WEBAUTHN_AUTHENTICATOR_TRANSPORT_BLE)) {
             transports |= U2F_AUTHENTICATOR_TRANSPORT_BLE;
-          } else if (str.EqualsLiteral("internal")) {
+          } else if (str.EqualsLiteral(
+                         MOZ_WEBAUTHN_AUTHENTICATOR_TRANSPORT_INTERNAL)) {
             transports |= CTAP_AUTHENTICATOR_TRANSPORT_INTERNAL;
           }
         }

dom/webauthn/WinWebAuthnManager.cpp

@@ -11,6 +11,7 @@
 #include "mozilla/Unused.h"
 #include "nsTextFormatter.h"
 #include "nsWindowsHelpers.h"
+#include "WebAuthnEnumStrings.h"
 #include "winwebauthn/webauthn.h"
 #include "WinWebAuthnManager.h"
 
@@ -233,11 +234,17 @@ void WinWebAuthnManager::Register(
 
     const nsString& userVerificationRequirement =
         sel.userVerificationRequirement();
-    if (userVerificationRequirement.EqualsLiteral("required")) {
+    // This mapping needs to be reviewed if values are added to the
+    // UserVerificationRequirement enum.
+    static_assert(MOZ_WEBAUTHN_ENUM_STRINGS_VERSION == 2);
+    if (userVerificationRequirement.EqualsLiteral(
+            MOZ_WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED)) {
       winUserVerificationReq = WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED;
-    } else if (userVerificationRequirement.EqualsLiteral("preferred")) {
+    } else if (userVerificationRequirement.EqualsLiteral(
+                   MOZ_WEBAUTHN_USER_VERIFICATION_REQUIREMENT_PREFERRED)) {
       winUserVerificationReq = WEBAUTHN_USER_VERIFICATION_REQUIREMENT_PREFERRED;
-    } else if (userVerificationRequirement.EqualsLiteral("discouraged")) {
+    } else if (userVerificationRequirement.EqualsLiteral(
+                   MOZ_WEBAUTHN_RESIDENT_KEY_REQUIREMENT_DISCOURAGED)) {
       winUserVerificationReq =
           WEBAUTHN_USER_VERIFICATION_REQUIREMENT_DISCOURAGED;
     } else {
@@ -247,9 +254,14 @@ void WinWebAuthnManager::Register(
     if (sel.authenticatorAttachment().isSome()) {
       const nsString& authenticatorAttachment =
           sel.authenticatorAttachment().value();
-      if (authenticatorAttachment.EqualsLiteral("platform")) {
+      // This mapping needs to be reviewed if values are added to the
+      // AuthenticatorAttachement enum.
+      static_assert(MOZ_WEBAUTHN_ENUM_STRINGS_VERSION == 2);
+      if (authenticatorAttachment.EqualsLiteral(
+              MOZ_WEBAUTHN_AUTHENTICATOR_ATTACHMENT_PLATFORM)) {
         winAttachment = WEBAUTHN_AUTHENTICATOR_ATTACHMENT_PLATFORM;
-      } else if (authenticatorAttachment.EqualsLiteral("cross-platform")) {
+      } else if (authenticatorAttachment.EqualsLiteral(
+                     MOZ_WEBAUTHN_AUTHENTICATOR_ATTACHMENT_CROSS_PLATFORM)) {
         winAttachment = WEBAUTHN_AUTHENTICATOR_ATTACHMENT_CROSS_PLATFORM;
       } else {
         winAttachment = WEBAUTHN_AUTHENTICATOR_ATTACHMENT_ANY;
@@ -260,11 +272,17 @@ void WinWebAuthnManager::Register(
 
     // AttestationConveyance
     const nsString& attestation = extra.attestationConveyancePreference();
-    if (attestation.EqualsLiteral("none")) {
+    // This mapping needs to be reviewed if values are added to the
+    // AttestationConveyancePreference enum.
+    static_assert(MOZ_WEBAUTHN_ENUM_STRINGS_VERSION == 2);
+    if (attestation.EqualsLiteral(
+            MOZ_WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_NONE)) {
       winAttestation = WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_NONE;
-    } else if (attestation.EqualsLiteral("indirect")) {
+    } else if (attestation.EqualsLiteral(
+                   MOZ_WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_INDIRECT)) {
       winAttestation = WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_INDIRECT;
-    } else if (attestation.EqualsLiteral("direct")) {
+    } else if (attestation.EqualsLiteral(
+                   MOZ_WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_DIRECT)) {
       winAttestation = WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_DIRECT;
     } else {
       winAttestation = WEBAUTHN_ATTESTATION_CONVEYANCE_PREFERENCE_ANY;
@@ -559,11 +577,17 @@ void WinWebAuthnManager::Sign(PWebAuthnTransactionParent* aTransactionParent,
 
     // User Verification Requirement
     const nsString& userVerificationReq = extra.userVerificationRequirement();
-    if (userVerificationReq.EqualsLiteral("required")) {
+    // This mapping needs to be reviewed if values are added to the
+    // UserVerificationRequirement enum.
+    static_assert(MOZ_WEBAUTHN_ENUM_STRINGS_VERSION == 2);
+    if (userVerificationReq.EqualsLiteral(
+            MOZ_WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED)) {
       winUserVerificationReq = WEBAUTHN_USER_VERIFICATION_REQUIREMENT_REQUIRED;
-    } else if (userVerificationReq.EqualsLiteral("preferred")) {
+    } else if (userVerificationReq.EqualsLiteral(
+                   MOZ_WEBAUTHN_USER_VERIFICATION_REQUIREMENT_PREFERRED)) {
       winUserVerificationReq = WEBAUTHN_USER_VERIFICATION_REQUIREMENT_PREFERRED;
-    } else if (userVerificationReq.EqualsLiteral("discouraged")) {
+    } else if (userVerificationReq.EqualsLiteral(
+                   MOZ_WEBAUTHN_RESIDENT_KEY_REQUIREMENT_DISCOURAGED)) {
       winUserVerificationReq =
           WEBAUTHN_USER_VERIFICATION_REQUIREMENT_DISCOURAGED;
     } else {